what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 28 RSS Feed

Files Date: 2016-08-02

OpenSSH 7.3p1
Posted Aug 2, 2016
Authored by Damien Miller | Site openssh.com

This is a Linux/portable port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups.

Changes: Multiple updates including a security fix.
tags | tool, encryption
systems | linux, unix, openbsd
advisories | CVE-2016-6210
SHA-256 | efc912a2ef7e938fa36df6787cd9d21b45463cd4f9d70764e9e61a961786691b
Polycom Command Shell Authorization Bypass
Posted Aug 2, 2016
Authored by Paul Haas, h00die | Site metasploit.com

The login component of the Polycom Command Shell on Polycom HDX video endpints, running software versions 3.0.5 and earlier, is vulnerable to an authorization bypass when simultaneous connections are made to the service, allowing remote network attackers to gain access to a sandboxed telnet prompt without authentication. Versions prior to 3.0.4 contain OS command injection in the ping command which can be used to execute arbitrary commands as root.

tags | exploit, remote, arbitrary, shell, root
SHA-256 | 548cc509510583c6e9073f79cf341d4f7d444c54333db5eee6854c756f2f9ecf
TOR Virtual Network Tunneling Tool 0.2.8.6
Posted Aug 2, 2016
Authored by Roger Dingledine | Site tor.eff.org

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).

Changes: Tor 0.2.8.6 is the first stable version of the Tor 0.2.8 series. The Tor 0.2.8 series improves client bootstrapping performance, completes the authority-side implementation of improved identity keys for relays, and includes numerous bugfixes and performance improvements throughout the program. This release continues to improve the coverage of Tor's test suite.
tags | tool, remote, local, peer2peer
systems | unix
SHA-256 | ef7b488e810aef88de330c0e20b0f8202df6271ec36d6e164ce3536c4e40d3aa
Red Hat Security Advisory 2016-1539-01
Posted Aug 2, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1539-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. These updated kernel packages include several security issues and numerous bug fixes, some of which you can see below. Space precludes documenting all of these bug fixes in this advisory.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2015-8660, CVE-2016-2143, CVE-2016-4470
SHA-256 | a0ebfcaea69e03370b97678ac5b2af09385693a06588a694af826744d11bfd62
Red Hat Security Advisory 2016-1538-01
Posted Aug 2, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1538-01 - The golang packages provide the Go programming language compiler. The following packages have been upgraded to a newer upstream version: golang. Security Fix: An input-validation flaw was discovered in the Go programming language built in CGI implementation, which set the environment variable "HTTP_PROXY" using the incoming "Proxy" HTTP-request header. The environment variable "HTTP_PROXY" is used by numerous web clients, including Go's net/http package, to specify a proxy server to use for HTTP and, in some cases, HTTPS requests. This meant that when a CGI-based web application ran, an attacker could specify a proxy server which the application then used for subsequent outgoing requests, allowing a man-in-the-middle attack.

tags | advisory, web, cgi
systems | linux, redhat
advisories | CVE-2016-5386
SHA-256 | a49af167bda5963869cc3ce421f91751bc6f1030d72c76554c0eec5ddbbaef2d
WordPress WangGuard 1.7.1 Cross Site Scripting
Posted Aug 2, 2016
Authored by Yorick Koster, Securify B.V.

WordPress WangGuard plugin version 1.7.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 3051456cf2c889f689308508ff4c2b710884818fc46e3bee93704407dccdf0c6
WordPress Uji Countdown 2.0.6 Cross Site Scripting
Posted Aug 2, 2016
Authored by Yorick Koster, Securify B.V.

WordPress Uji Countdown plugin version 2.0.6 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 2eb875254f090d907a59a28a55943e84566f3430544df03b57979f23ad8ced80
Zoll ePCR 2.6.4 Script Insertion
Posted Aug 2, 2016
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

Zoll ePCR version 2.6.4 suffers from a malicious script insertion vulnerability.

tags | exploit
SHA-256 | 02ff9733c2c364cbbbe62aed4f093ecda42c3f5df4f53f6935490c3498ed698a
Docebo LMS 6.9 Remote Code Execution
Posted Aug 2, 2016
Authored by Vulnerability Laboratory, Lawrence Amer | Site vulnerability-lab.com

Docebo LMS version 6.9 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
SHA-256 | f524c2d024645aff1cf52aac28d1e4b8f18581d220d14822fa0547416aaade37
FortiManager Script Insertion
Posted Aug 2, 2016
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

Multiple versions of FortiManager allows for malicious script insertion attacks.

tags | exploit
SHA-256 | 7df3f3e07f45ebb127ad2e79a9448064f5e6886f5a0d7c188ecee2f66517d7d9
HP Security Bulletin HPSBGN03564 2
Posted Aug 2, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03564 2 - A vulnerability in Apache Commons Collections for handling Java object deserialization was addressed by HPE Release Control. The vulnerability could be exploited remotely to allow code execution. Revision 2 of this advisory.

tags | advisory, java, code execution
advisories | CVE-2016-1999
SHA-256 | afdaca6bf17ef91c2a531287417315a9cb95c9979b6e134ca3e6f79bae9ab7db
Red Hat Security Advisory 2016-1532-02
Posted Aug 2, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1532-02 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. A flaw was found in the Linux kernel's keyring handling code, where in key_reject_and_link() an uninitialised variable would eventually lead to arbitrary free address which could allow attacker to use a use-after-free style attack. The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel through 4.3.3 attempts to merge distinct setattr operations, which allows local users to bypass intended access restrictions and modify the attributes of arbitrary overlay files via a crafted application.

tags | advisory, arbitrary, kernel, local
systems | linux, redhat
advisories | CVE-2015-8660, CVE-2016-4470
SHA-256 | ae0ec067d76f883f07ac5ae1dac7a6ee3601b9b24f9fbd3814d99d690ead6941
Red Hat Security Advisory 2016-1541-03
Posted Aug 2, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1541-03 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. A flaw was found in the Linux kernel's keyring handling code, where in key_reject_and_link() an uninitialised variable would eventually lead to arbitrary free address which could allow attacker to use a use-after-free style attack. The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel through 4.3.3 attempts to merge distinct setattr operations, which allows local users to bypass intended access restrictions and modify the attributes of arbitrary overlay files via a crafted application.

tags | advisory, arbitrary, kernel, local
systems | linux, redhat
advisories | CVE-2015-8660, CVE-2016-4470
SHA-256 | 993b6f46bf8ef0fd9c20f5a4cd5b31000f1cfdfbbebb96d3af8403e94e254c62
Red Hat Security Advisory 2016-1547-01
Posted Aug 2, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1547-01 - The libtiff packages contain a library of functions for manipulating Tagged Image File Format files. Security Fix: Multiple flaws have been discovered in libtiff. A remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code by tricking an application linked against libtiff into processing specially crafted files.

tags | advisory, remote, arbitrary
systems | linux, redhat
advisories | CVE-2014-8127, CVE-2014-8129, CVE-2014-8130, CVE-2014-9330, CVE-2014-9655, CVE-2015-1547, CVE-2015-7554, CVE-2015-8665, CVE-2015-8668, CVE-2015-8683, CVE-2015-8781, CVE-2015-8782, CVE-2015-8783, CVE-2015-8784, CVE-2016-3632, CVE-2016-3945, CVE-2016-3990, CVE-2016-3991, CVE-2016-5320
SHA-256 | ed518f90e6c9ad3adf207b0b3d18c196fe24aa28b1fe7abacc185d48bfa46c88
Red Hat Security Advisory 2016-1546-01
Posted Aug 2, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1546-01 - The libtiff packages contain a library of functions for manipulating Tagged Image File Format files. Security Fix: Multiple flaws have been discovered in libtiff. A remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code by tricking an application linked against libtiff into processing specially crafted files.

tags | advisory, remote, arbitrary
systems | linux, redhat
advisories | CVE-2014-8127, CVE-2014-8129, CVE-2014-8130, CVE-2014-9330, CVE-2014-9655, CVE-2015-1547, CVE-2015-7554, CVE-2015-8665, CVE-2015-8668, CVE-2015-8683, CVE-2015-8781, CVE-2015-8782, CVE-2015-8783, CVE-2015-8784, CVE-2016-3632, CVE-2016-3945, CVE-2016-3990, CVE-2016-3991, CVE-2016-5320
SHA-256 | d6d08c83372856ace1e74e57bd70ff4119f60d17795f1b25721f1313504053f7
Ubuntu Security Notice USN-3045-1
Posted Aug 2, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3045-1 - It was discovered that PHP incorrectly handled certain SplMinHeap::compare operations. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, php
systems | linux, ubuntu
advisories | CVE-2015-4116, CVE-2015-8873, CVE-2015-8876, CVE-2015-8935, CVE-2016-5093, CVE-2016-5094, CVE-2016-5095, CVE-2016-5096, CVE-2016-5114, CVE-2016-5385, CVE-2016-5399, CVE-2016-5768, CVE-2016-5769, CVE-2016-5771, CVE-2016-5772, CVE-2016-5773, CVE-2016-6288, CVE-2016-6289, CVE-2016-6290, CVE-2016-6291, CVE-2016-6292, CVE-2016-6294, CVE-2016-6295, CVE-2016-6296, CVE-2016-6297
SHA-256 | 47fc0ea179e44d1fcb53b84c0bfce2c297ab17348494c2a4bfed673be21e1948
HPE Security Bulletin HPSBUX03632 SSRT110194 1
Posted Aug 2, 2016
Authored by Hewlett Packard Enterprise | Site hpe.com

HPE Security Bulletin HPSBUX03632 SSRT110194 1 - A potential security vulnerability has been identified in the HP-UX Mail Server running Sendmail. This vulnerability could be locally exploited to allow unauthorized disclosure of information. Revision 1 of this advisory.

tags | advisory
systems | hpux
advisories | CVE-2014-3956
SHA-256 | 2611e14853a5e7f2fd90830bc2ebfaf9ade33c054ba569656fb1ddfa30788e5a
WikWiki 2.1 Cross Site Scripting
Posted Aug 2, 2016
Authored by HaHwul

WikWiki version 2.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | e5e3d64c6c3e5347c0e6e3ef02dac0d6a5539c8bc5e33440dfd9c6a1c89cad45
Packet Storm New Exploits For July, 2016
Posted Aug 2, 2016
Authored by Todd J. | Site packetstormsecurity.com

This archive contains all of the 189 exploits added to Packet Storm in July, 2016.

tags | exploit
SHA-256 | e13a439ebcbdc61a9426b21acafbdd760dda29f7fe1a26252403bdeab0c53605
Joomla BreezingForms 1.8.x Arbitrary File Upload
Posted Aug 2, 2016
Authored by xBADGIRL21

Joomla BreezingForms component version 1.8.x suffers from a remote file upload vulnerability. The vendor has contacted Packet Storm and has noted that the default installation does not allow for execution of files with a php extension. Further, the issue related to upload was addressed by Crosstec in February of 2016.

tags | exploit, remote, shell
SHA-256 | 63717bcc7aa8aa7398593c0c628ebdcd52dc185b96e37f9597bc76663e440157
WinSaber Privilege Escalation
Posted Aug 2, 2016
Authored by Vulnerability Laboratory, ZwX | Site vulnerability-lab.com

WinSaber suffers from an unquoted service path privilege escalation vulnerability.

tags | exploit
SHA-256 | cd220dac4104cf53d7d592fbcd4594bb4ecb9762e472fd17e687a90b0f4ca4ef
Windows 7/x86 localhost Port Scanner Shellcode
Posted Aug 2, 2016
Authored by Roziul Hasan Khan Shifat

556 bytes large Windows 7/x86 localhost port scanner shellcode.

tags | x86, shellcode
systems | windows
SHA-256 | 265d47836d04b2f6973e571051cc38405113337daf0ac49a78b9ef6d923ed8c3
VUPlayer 2.49 .pls Stack Buffer Overflow
Posted Aug 2, 2016
Authored by Victor Portal Gonzalez

VUPlayer version 2.49 .pls file stack buffer overflow exploit with DEP bypass.

tags | exploit, overflow
SHA-256 | ee1c7e8c354d695397b108f6a9098e64d29ba1236833f715fdd3891a7e7e6ad7
Guppy CMS 5.01.03 Cross Site Scripting
Posted Aug 2, 2016
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

Guppy CMS version 5.01.03 suffers from a client-side cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 6195d576829b909832d59055cd73ace1271af43acf20833c99b77572cb8ea835
Linux/x86 NetCat Bind Shell With Port Shellcode
Posted Aug 2, 2016
Authored by CripSlick

44, 52 bytes Linux/x86 NetCat bind shell with port shellcode.

tags | shell, x86, shellcode
systems | linux
SHA-256 | d3b7d912c04cefa1326935cd7d9db1c97b626cd012e0f44b92ac0445820ed834
Page 1 of 2
Back12Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close